urlscan.io logo urlscan.io
SecurityTrails logo

dogfood.zipcar.com Open in urlscan Pro
34.228.121.116  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://zipcar-risk-sandbox.zendesk.com/
Effective URL: https://dogfood.zipcar.com/login?return_to=https://zipcar-risk-sandbox.zendesk.com&realm=zendesk&error=not_authenticated&re...
Submission Tags: @phish_report
Submission: On May 26 via api from FI — Scanned from AU
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 8 IPs in 2 countries across 7 domains to perform 21 HTTP transactions. The main IP is 34.228.121.116, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is dogfood.zipcar.com.
TLS certificate: Issued by Amazon RSA 2048 M02 on April 20th 2024. Valid for: a year.
This is the only time dogfood.zipcar.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2 104.16.53.111 13335 (CLOUDFLAR...)
1 8 34.228.121.116 14618 (AMAZON-AES)
1 142.251.221.74 15169 (GOOGLE)
6 172.67.68.188 13335 (CLOUDFLAR...)
3 142.250.204.3 15169 (GOOGLE)
2 142.250.66.196 15169 (GOOGLE)
1 142.251.221.67 15169 (GOOGLE)
1 34.102.232.42 396982 (GOOGLE-CL...)
21 8
2    104.16.53.111 (None, )

ASN13335 (CLOUDFLARENET, US)
zipcar-risk-sandbox.zendesk.com
8    34.228.121.116 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-228-121-116.compute-1.amazonaws.com
dogfood.zipcar.com
1    142.251.221.74 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: syd09s31-in-f10.1e100.net
fonts.googleapis.com
6    172.67.68.188 (United States)

ASN13335 (CLOUDFLARENET, US)
aacdn.nagich.com
3    142.250.204.3 (United States)

ASN15169 (GOOGLE, US)
PTR: syd09s25-in-f3.1e100.net
fonts.gstatic.com
2    142.250.66.196 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: syd09s23-in-f4.1e100.net
www.google.com
1    142.251.221.67 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: syd09s31-in-f3.1e100.net
www.gstatic.com
1    34.102.232.42 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 42.232.102.34.bc.googleusercontent.com
hexagon-analytics.com
Apex Domain
Subdomains		 Transfer
8 zipcar.com
dogfood.zipcar.com
2 MB
6 nagich.com
aacdn.nagich.com — Cisco Umbrella Rank: 21334
32 KB
4 gstatic.com
fonts.gstatic.com
www.gstatic.com
277 KB
2 google.com
www.google.com — Cisco Umbrella Rank: 2
605 B
2 zendesk.com
zipcar-risk-sandbox.zendesk.com
2 KB
1 hexagon-analytics.com
hexagon-analytics.com — Cisco Umbrella Rank: 5680
297 B
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 33
1 KB
21 7
Domain Requested by
8 dogfood.zipcar.com 1 redirects dogfood.zipcar.com
6 aacdn.nagich.com dogfood.zipcar.com
aacdn.nagich.com
3 fonts.gstatic.com fonts.googleapis.com
2 www.google.com dogfood.zipcar.com
www.gstatic.com
2 zipcar-risk-sandbox.zendesk.com 2 redirects
1 hexagon-analytics.com
1 www.gstatic.com www.google.com
1 fonts.googleapis.com dogfood.zipcar.com
21 8

This site contains links to these domains. Also see Links.

Domain
www.zipcar.com
Subject Issuer Validity Valid
dogfood.zipcar.com
Amazon RSA 2048 M02		 2024-04-20 -
2025-05-19		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2024-05-06 -
2024-07-29		 3 months crt.sh
nagich.com
GTS CA 1P5		 2024-04-14 -
2024-07-13		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2024-05-06 -
2024-07-29		 3 months crt.sh
*.google.com
GTS CA 1C3		 2024-05-06 -
2024-07-29		 3 months crt.sh
*.hexagon-analytics.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-11-27 -
2024-11-03		 a year crt.sh

This page contains 2 frames:

Primary Page: https://dogfood.zipcar.com/login?return_to=https://zipcar-risk-sandbox.zendesk.com&realm=zendesk&error=not_authenticated&reauth=false
Frame ID: 03196567B4CFD0FE45B62389923FFA66
Requests: 21 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LevyFMaAAAAAEqI6CquK9wXtorLvRT38-0gxBHF&co=aHR0cHM6Ly9kb2dmb29kLnppcGNhci5jb206NDQz&hl=en&v=joHA60MeME-PNviL59xVH9zs&size=invisible&cb=2g8e37ucites
Frame ID: FBEBD4AD5CE783F8891B9E747E06CF7B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Zipcar Login

Page URL History Show full URLs

  1. http://zipcar-risk-sandbox.zendesk.com/ HTTP 307
    https://zipcar-risk-sandbox.zendesk.com/ HTTP 301
    https://zipcar-risk-sandbox.zendesk.com/access HTTP 302
    https://dogfood.zipcar.com/idp/auth/zendesk?locale_id=1&return_to=https%3A%2F%2Fzipcar-risk-sandbox.zen... HTTP 302
    http://dogfood.zipcar.com/login?return_to=https://zipcar-risk-sandbox.zendesk.com&realm=zendesk&error=... HTTP 307
    https://dogfood.zipcar.com/login?return_to=https://zipcar-risk-sandbox.zendesk.com&realm=zendesk&error=... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

21
Requests

100 %
HTTPS

0 %
IPv6

7
Domains

8
Subdomains

8
IPs

2
Countries

2141 kB
Transfer

7885 kB
Size

11
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://zipcar-risk-sandbox.zendesk.com/ HTTP 307
    https://zipcar-risk-sandbox.zendesk.com/ HTTP 301
    https://zipcar-risk-sandbox.zendesk.com/access HTTP 302
    https://dogfood.zipcar.com/idp/auth/zendesk?locale_id=1&return_to=https%3A%2F%2Fzipcar-risk-sandbox.zendesk.com&timestamp=1716733620 HTTP 302
    http://dogfood.zipcar.com/login?return_to=https://zipcar-risk-sandbox.zendesk.com&realm=zendesk&error=not_authenticated&reauth=false HTTP 307
    https://dogfood.zipcar.com/login?return_to=https://zipcar-risk-sandbox.zendesk.com&realm=zendesk&error=not_authenticated&reauth=false Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request login
dogfood.zipcar.com/
Redirect Chain
  • http://zipcar-risk-sandbox.zendesk.com/
  • https://zipcar-risk-sandbox.zendesk.com/
  • https://zipcar-risk-sandbox.zendesk.com/access
  • https://dogfood.zipcar.com/idp/auth/zendesk?locale_id=1&return_to=https%3A%2F%2Fzipcar-risk-sandbox.zendesk.com&timestamp=1716733620
  • http://dogfood.zipcar.com/login?return_to=https://zipcar-risk-sandbox.zendesk.com&realm=zendesk&error=not_authenticated&reauth=false
  • https://dogfood.zipcar.com/login?return_to=https://zipcar-risk-sandbox.zendesk.com&realm=zendesk&error=not_authenticated&reauth=false
2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://dogfood.zipcar.com/login?return_to=https://zipcar-risk-sandbox.zendesk.com&realm=zendesk&error=not_authenticated&reauth=false
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.228.121.116 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-228-121-116.compute-1.amazonaws.com
Software
envoy /
Resource Hash
371942b516e4d55e39e8a1f9ea0f077d098118d8c676b59a1f72800901bfeafd
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-AU,en;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

content-encoding
gzip
content-type
text/html;charset=utf-8
date
Sun, 26 May 2024 14:27:01 GMT
last-modified
Tue, 21 May 2024 15:16:00 GMT
server
envoy
strict-transport-security
max-age=63072000; includeSubDomains
vary
Accept-Encoding
x-content-type-options
nosniff
x-envoy-upstream-service-time
4
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

Cross-Origin-Resource-Policy
Cross-Origin
Location
https://dogfood.zipcar.com/login?return_to=https://zipcar-risk-sandbox.zendesk.com&realm=zendesk&error=not_authenticated&reauth=false
Non-Authoritative-Reason
HSTS
css
fonts.googleapis.com/ 		19 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Asap:200,300,400,400i,500,500i,600,600i,700,700i|Lato:100,100i,300,300i,400,400i,700,700i,900,900i
Requested by
Host: dogfood.zipcar.com
URL: https://dogfood.zipcar.com/login?return_to=https://zipcar-risk-sandbox.zendesk.com&realm=zendesk&error=not_authenticated&reauth=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.221.74 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd09s31-in-f10.1e100.net
Software
ESF /
Resource Hash
19721b937dfc6f640df10f080f84c99fb12ae7222596010ce0608ba578860764
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-AU,en;q=0.9;q=0.9
Referer
https://dogfood.zipcar.com/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

strict-transport-security
max-age=31536000
date
Sun, 26 May 2024 14:27:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
expires
Sun, 26 May 2024 14:27:01 GMT
config.js
dogfood.zipcar.com/login/ 		387 B
564 B 		Script
General
Check archive.org
Download Go to
Full URL
https://dogfood.zipcar.com/login/config.js
Requested by
Host: dogfood.zipcar.com
URL: https://dogfood.zipcar.com/login?return_to=https://zipcar-risk-sandbox.zendesk.com&realm=zendesk&error=not_authenticated&reauth=false
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.228.121.116 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-228-121-116.compute-1.amazonaws.com
Software
envoy /
Resource Hash
a80e7dcf8eb7e63b040293d60edf470e5090e769b6f8c2a47bdf1f14951ffc05
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-AU,en;q=0.9;q=0.9
Referer
https://dogfood.zipcar.com/login?return_to=https://zipcar-risk-sandbox.zendesk.com&realm=zendesk&error=not_authenticated&reauth=false
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

date
Sun, 26 May 2024 14:27:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains
server
envoy
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
x-envoy-upstream-service-time
7
main.fb63b93c.js
dogfood.zipcar.com/login/static/js/ 		7 MB
2 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://dogfood.zipcar.com/login/static/js/main.fb63b93c.js
Requested by
Host: dogfood.zipcar.com
URL: https://dogfood.zipcar.com/login?return_to=https://zipcar-risk-sandbox.zendesk.com&realm=zendesk&error=not_authenticated&reauth=false
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.228.121.116 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-228-121-116.compute-1.amazonaws.com
Software
envoy /
Resource Hash
0d6f4e9c70c6f0a564e75005d7c5b0943251e7aa4d80eda2b4b8fe858fe97bc3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-AU,en;q=0.9;q=0.9
Referer
https://dogfood.zipcar.com/login?return_to=https://zipcar-risk-sandbox.zendesk.com&realm=zendesk&error=not_authenticated&reauth=false
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

date
Sun, 26 May 2024 14:27:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains
last-modified
Mon, 20 May 2024 18:11:35 GMT
server
envoy
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
x-envoy-upstream-service-time
4
main.523c242e.css
dogfood.zipcar.com/login/static/css/ 		343 KB
64 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://dogfood.zipcar.com/login/static/css/main.523c242e.css
Requested by
Host: dogfood.zipcar.com
URL: https://dogfood.zipcar.com/login?return_to=https://zipcar-risk-sandbox.zendesk.com&realm=zendesk&error=not_authenticated&reauth=false
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.228.121.116 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-228-121-116.compute-1.amazonaws.com
Software
envoy /
Resource Hash
68484d2ec1aaeafe8f8cd79a6b7a91be5176e46271bb7edcd19454d45dddbe5f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-AU,en;q=0.9;q=0.9
Referer
https://dogfood.zipcar.com/login?return_to=https://zipcar-risk-sandbox.zendesk.com&realm=zendesk&error=not_authenticated&reauth=false
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

date
Sun, 26 May 2024 14:27:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains
last-modified
Mon, 20 May 2024 18:11:35 GMT
server
envoy
vary
Accept-Encoding
content-type
text/css;charset=utf-8
x-envoy-upstream-service-time
3
accessibility.js
aacdn.nagich.com/core/2.1.2/ 		34 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://aacdn.nagich.com/core/2.1.2/accessibility.js
Requested by
Host: dogfood.zipcar.com
URL: https://dogfood.zipcar.com/login?return_to=https://zipcar-risk-sandbox.zendesk.com&realm=zendesk&error=not_authenticated&reauth=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.68.188 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
529164e8ed891984bac0a44d6e95439e39254fb951ada60a36802ceeddf461aa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Referer
https://dogfood.zipcar.com/
Origin
https://dogfood.zipcar.com
Accept-Language
en-AU,en;q=0.9;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

date
Sun, 26 May 2024 14:27:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-length
15109
x-xss-protection
1; mode=block
last-modified
Wed, 24 Jun 2020 12:24:28 GMT
server
cloudflare
etag
"87ef67224ad61:0"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ap6wcLAeTF9LJ6lCIZLE0sMZnKdxU%2BAN%2FcIEcrd1uEDz6Svsq8umO7BXOWudvzJKENXOYDAiGxS83boZ7EMzKUnKQYBsT9VxwZdPy1GDpuaCfI4PHV14fi5yabOfuY6a4TA%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=2204800
access-control-allow-credentials
true
x-frame-options
deny
accept-ranges
bytes
cf-ray
889e7192fa70aadd-SYD
truncated
/ 		770 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
02240ce2e54b0102931e28acf07dfa9b5bae00a8fb70e289d02afa4288979ff2

Request headers

Accept-Language
en-AU,en;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

Content-Type
image/svg+xml
KFO9CniXp96a4Tc2DaTeuDAoKsE615hJW36eA1Ef.woff2
fonts.gstatic.com/s/asap/v30/ 		42 KB
42 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/asap/v30/KFO9CniXp96a4Tc2DaTeuDAoKsE615hJW36eA1Ef.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Asap:200,300,400,400i,500,500i,600,600i,700,700i|Lato:100,100i,300,300i,400,400i,700,700i,900,900i
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.204.3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd09s25-in-f3.1e100.net
Software
sffe /
Resource Hash
17cd865a9e7fd7a182e73e5a0c56d45e75f1fe7727fa64481d50fe8d5ca1fe8a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://dogfood.zipcar.com
Accept-Language
en-AU,en;q=0.9;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

date
Fri, 24 May 2024 03:14:50 GMT
x-content-type-options
nosniff
age
213134
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42656
x-xss-protection
0
last-modified
Tue, 06 Jun 2023 20:38:02 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 24 May 2025 03:14:50 GMT
S6uyw4BMUTPHjx4wXiWtFCc.woff2
fonts.gstatic.com/s/lato/v24/ 		14 KB
14 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXiWtFCc.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Asap:200,300,400,400i,500,500i,600,600i,700,700i|Lato:100,100i,300,300i,400,400i,700,700i,900,900i
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.204.3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd09s25-in-f3.1e100.net
Software
sffe /
Resource Hash
d4ae5188a65370ecfe28f42293bbee8297cfd5712c6aadfdb270d48f2bcd88b0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://dogfood.zipcar.com
Accept-Language
en-AU,en;q=0.9;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

date
Fri, 24 May 2024 16:06:24 GMT
x-content-type-options
nosniff
age
166840
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13980
x-xss-protection
0
last-modified
Tue, 02 May 2023 15:17:19 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 24 May 2025 16:06:24 GMT
S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2
fonts.gstatic.com/s/lato/v24/ 		14 KB
14 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Asap:200,300,400,400i,500,500i,600,600i,700,700i|Lato:100,100i,300,300i,400,400i,700,700i,900,900i
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.204.3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd09s25-in-f3.1e100.net
Software
sffe /
Resource Hash
7a7ce1a34f3e9944fe88fc61abbc93b6db383afa2b90815fd7ccea456fbce4e5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://dogfood.zipcar.com
Accept-Language
en-AU,en;q=0.9;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

date
Fri, 24 May 2024 01:41:19 GMT
x-content-type-options
nosniff
age
218745
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14168
x-xss-protection
0
last-modified
Tue, 02 May 2023 15:29:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 24 May 2025 01:41:19 GMT
api.js
www.google.com/recaptcha/ 		884 B
605 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api.js?render=6LevyFMaAAAAAEqI6CquK9wXtorLvRT38-0gxBHF
Requested by
Host: dogfood.zipcar.com
URL: https://dogfood.zipcar.com/login/static/js/main.fb63b93c.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.66.196 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd09s23-in-f4.1e100.net
Software
GSE /
Resource Hash
e37af831403624f009ef9f12d71adf8f08459b7b7e9634504ccfe763583be578
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-AU,en;q=0.9;q=0.9
Referer
https://dogfood.zipcar.com/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

date
Sun, 26 May 2024 14:27:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Sun, 26 May 2024 14:27:03 GMT
default.css
aacdn.nagich.com/style/ 		11 KB
4 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://aacdn.nagich.com/style/default.css
Requested by
Host: aacdn.nagich.com
URL: https://aacdn.nagich.com/core/2.1.2/accessibility.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.68.188 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e2172be828b0fd1ba4c0f653b83993eb11881e49e3be4f0fff04e482c04a0b42
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-AU,en;q=0.9;q=0.9
Referer
https://dogfood.zipcar.com/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

date
Sun, 26 May 2024 14:27:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-length
3595
x-xss-protection
1; mode=block
last-modified
Mon, 23 Jan 2023 09:32:18 GMT
server
cloudflare
etag
"147e6e96d2fd91:0"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1OQjXJJLujHhwuCU7jajDhA8sXDUPWIgYCtaLg7%2FjK%2FlV7vhHYQKWQJSehzDFfPjVQV6sfV0efhLxKMhv6x5EJcWcwf9EoUWTgF3EFwAXGNkgyQBBPyuDNBOCL2VEjwL9Hw%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=2204800
access-control-allow-credentials
true
x-frame-options
deny
accept-ranges
bytes
cf-ray
889e719d0876aadd-SYD
btncolor.css
aacdn.nagich.com/style/ 		107 B
520 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://aacdn.nagich.com/style/btncolor.css
Requested by
Host: aacdn.nagich.com
URL: https://aacdn.nagich.com/core/2.1.2/accessibility.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.68.188 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6b074fbf6834f2d4b30c89feeebfae88f9723b6e3d722f8b88ce4bdbe61b933a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-AU,en;q=0.9;q=0.9
Referer
https://dogfood.zipcar.com/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

date
Sun, 26 May 2024 14:27:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-length
202
x-xss-protection
1; mode=block
last-modified
Mon, 11 Feb 2019 11:17:50 GMT
server
cloudflare
etag
"4c2a96cfbc1d41:0"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yTLh9D%2FeYZohJinucbPry4ncw9fT0gYJzib%2BDKkZmmzfDF4AzhOgLIGzv9lzfdAIzwGx9T9bVw%2FK542Jl1L04B5xY7gIGJgMOSlXbWmRa4HD90nbLalGbW98CAjjWA4SzZE%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=2204800
access-control-allow-credentials
true
x-frame-options
deny
accept-ranges
bytes
cf-ray
889e719d0877aadd-SYD
locale.js
aacdn.nagich.com/assets/scripts/ 		29 KB
10 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://aacdn.nagich.com/assets/scripts/locale.js
Requested by
Host: aacdn.nagich.com
URL: https://aacdn.nagich.com/core/2.1.2/accessibility.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.68.188 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6626d955670bb766fa4d7b59966addecf6b488506e21f73f343dc88b9872a2f7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-AU,en;q=0.9;q=0.9
Referer
https://dogfood.zipcar.com/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

date
Sun, 26 May 2024 14:27:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-length
9804
x-xss-protection
1; mode=block
last-modified
Sun, 18 Apr 2021 07:22:31 GMT
server
cloudflare
etag
"80d59982334d71:0"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5djFj4Be8jP0Emp1utJ%2Fu0W7wgqfUJtJhjPa7qd9Cp7jdNH5sDeryNn9EeHNOiHENf%2B7vhZoqFxRu3oiE9Wlc8OrakqZ0YsVB7vH%2F18xSqX0ynv1AuYA7LZJKxY6mKfemmU%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=2204800
access-control-allow-credentials
true
x-frame-options
deny
accept-ranges
bytes
cf-ray
889e719d0878aadd-SYD
recaptcha__en.js
www.gstatic.com/recaptcha/releases/joHA60MeME-PNviL59xVH9zs/ 		522 KB
207 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/joHA60MeME-PNviL59xVH9zs/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6LevyFMaAAAAAEqI6CquK9wXtorLvRT38-0gxBHF
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.221.67 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd09s31-in-f3.1e100.net
Software
sffe /
Resource Hash
b0e3acc54460721385d2e472dda7288382f2766a06b38d2e732d034619f9b929
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://dogfood.zipcar.com/
Origin
https://dogfood.zipcar.com
Accept-Language
en-AU,en;q=0.9;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

date
Sat, 25 May 2024 23:44:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
52984
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
211646
x-xss-protection
0
last-modified
Mon, 20 May 2024 04:00:47 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 25 May 2025 23:44:00 GMT
anchor
www.google.com/recaptcha/api2/ Frame FBEB 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LevyFMaAAAAAEqI6CquK9wXtorLvRT38-0gxBHF&co=aHR0cHM6Ly9kb2dmb29kLnppcGNhci5jb206NDQz&hl=en&v=joHA60MeME-PNviL59xVH9zs&size=invisible&cb=2g8e37ucites
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/joHA60MeME-PNviL59xVH9zs/recaptcha__en.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.66.196 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd09s23-in-f4.1e100.net
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'nonce-HJy4vvzlYwNvvB-CxGYCQA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'self';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-AU,en;q=0.9;q=0.9
Referer
https://dogfood.zipcar.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'nonce-HJy4vvzlYwNvvB-CxGYCQA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'self';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Sun, 26 May 2024 14:27:04 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
1.svg
aacdn.nagich.com/assets/images/ 		2 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://aacdn.nagich.com/assets/images/1.svg
Requested by
Host: aacdn.nagich.com
URL: https://aacdn.nagich.com/core/2.1.2/accessibility.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.68.188 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
065d9cc84b5e9e522cb774288b6403cf28562dcf80c13ae1e9549f1dc9cf6e7c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-AU,en;q=0.9;q=0.9
Referer
https://dogfood.zipcar.com/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

date
Sun, 26 May 2024 14:27:06 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
x-xss-protection
1; mode=block
last-modified
Thu, 15 Aug 2019 08:05:16 GMT
server
cloudflare
etag
W/"ef562c4053d51:0"
x-frame-options
deny
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KRMWzPcbGBLWuBpqabs8J5WMCiCUD3s35HJ5leYVTcOMBMoorBb%2FJEEZTdKmPeaS7KLsUk7HCp7X%2B0mc1NjF8tpxJjQciupkahEbZkzWLf1DoEqOqwZljaUr6X4tMEYGsHM%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=2204800
access-control-allow-credentials
true
vary
Accept-Encoding
cf-ray
889e71a62e69aadd-SYD
custombtnstyle.css
aacdn.nagich.com/style/ 		4 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://aacdn.nagich.com/style/custombtnstyle.css
Requested by
Host: aacdn.nagich.com
URL: https://aacdn.nagich.com/core/2.1.2/accessibility.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.68.188 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b2f930658634b1bee750fdc6c453faacd9e79849856324dcc211b0627f4a059a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-AU,en;q=0.9;q=0.9
Referer
https://dogfood.zipcar.com/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

date
Sun, 26 May 2024 14:27:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-length
869
x-xss-protection
1; mode=block
last-modified
Tue, 10 Mar 2020 09:11:26 GMT
server
cloudflare
etag
"0b350e0bbf6d51:0"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xhF4iH4g2ZwKPG4yGTajJqT3QsWebOUDrUGfKtgQs4f7fYAazg0cPdXWsOP%2FZClGnlM9gSvXfwONO%2FeYMflfMHJljzX8Mlp%2BPNpnnPVgDllrBtIKy0jSypPmTupf%2FnpM0k8%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=2204800
access-control-allow-credentials
true
x-frame-options
deny
accept-ranges
bytes
cf-ray
889e71a62e6aaadd-SYD
sift_08-05-19.min.js
dogfood.zipcar.com/login/ 		61 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dogfood.zipcar.com/login/sift_08-05-19.min.js
Requested by
Host: dogfood.zipcar.com
URL: https://dogfood.zipcar.com/login?return_to=https://zipcar-risk-sandbox.zendesk.com&realm=zendesk&error=not_authenticated&reauth=false
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.228.121.116 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-228-121-116.compute-1.amazonaws.com
Software
envoy /
Resource Hash
764e92fd1ca66b57b890d220bc8e52ae54d923279fb712c96a79cb07fb5442bc
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-AU,en;q=0.9;q=0.9
Referer
https://dogfood.zipcar.com/login?return_to=https://zipcar-risk-sandbox.zendesk.com&realm=zendesk&error=not_authenticated&reauth=false
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

date
Sun, 26 May 2024 14:27:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains
last-modified
Mon, 20 May 2024 18:10:36 GMT
server
envoy
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
x-envoy-upstream-service-time
3
favicon.ico
dogfood.zipcar.com/login/ 		17 KB
3 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://dogfood.zipcar.com/login/favicon.ico
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.228.121.116 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-228-121-116.compute-1.amazonaws.com
Software
envoy /
Resource Hash
79bae3e30887c345e94531359b19815fceb30ba957aebd12636015a7ded9b86a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-AU,en;q=0.9;q=0.9
Referer
https://dogfood.zipcar.com/login?return_to=https://zipcar-risk-sandbox.zendesk.com&realm=zendesk&error=not_authenticated&reauth=false
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

date
Sun, 26 May 2024 14:27:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains
last-modified
Mon, 20 May 2024 18:10:36 GMT
server
envoy
vary
Accept-Encoding
content-type
image/vnd.microsoft.icon
x-envoy-upstream-service-time
2
auth
dogfood.zipcar.com/idp/api/anonymous/ 		172 B
709 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://dogfood.zipcar.com/idp/api/anonymous/auth
Requested by
Host: dogfood.zipcar.com
URL: https://dogfood.zipcar.com/login/static/js/main.fb63b93c.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.228.121.116 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-228-121-116.compute-1.amazonaws.com
Software
envoy /
Resource Hash
35f7dce38302f305f8500b3961bcb5000d14e5b4f1e95c1f6aee84b82004195c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://dogfood.zipcar.com/login?return_to=https://zipcar-risk-sandbox.zendesk.com&realm=zendesk&error=not_authenticated&reauth=false
Accept-Language
en-AU,en;q=0.9;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Content-Type
application/json;charset=UTF-8

Response headers

date
Sun, 26 May 2024 14:27:05 GMT
x-correlation-id
93_1716733625867
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains
content-encoding
gzip
server
envoy
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/json;charset=utf-8
x-envoy-upstream-service-time
10
x-xss-protection
1; mode=block
expires
Thu, 01 Jan 1970 00:00:00 GMT
610695.gif
hexagon-analytics.com/images/ 		43 B
297 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://hexagon-analytics.com/images/610695.gif?bk=5b80096763&tm=20&r=226682269&v=105&cs=UTF-8&h=dogfood.zipcar.com&l=en-AU&S=dd0dd61f3f4821e9b4077fe3e379126d&uu=b427140b1c69c1636f320f456c31b66&t=Zipcar%20Login&u=https%3A%2F%2Fdogfood.zipcar.com%2Flogin%3Freturn_to%3Dhttps%3A%2F%2Fzipcar-risk-sandbox.zendesk.com%26realm%3Dzendesk%26error%3Dnot_authenticated%26reauth%3Dfalse&ua=Mozilla%2F5.0%20(iPhone%3B%20CPU%20iPhone%20OS%2016_5_1%20like%20Mac%20OS%20X)%20AppleWebKit%2F605.1.15%20(KHTML%2C%20like%20Gecko)%20Version%2F16.5%20Mobile%2F15E148%20Safari%2F604.1&nm=2&mh=63196a00446a1e285d1992cfe444aa55&np=5&ph=332b72bdb211e34e6e3c24f88d7c393b&sh=1200&sw=1600&cd=24&p=iPhone&to=-480&d=0&ce=true&tp=0&ol=true&pr=Gecko&ps=20030107&vd=Google%20Inc.&vs=&hc=16&je=false&ss=true&ls=true&in=true&db=false&tl=false&tr=false&ts=true&tb=true&ab=false&cf=fae6548d136db15e45c35040a4cbd54b&z=z
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.232.42 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
42.232.102.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-AU,en;q=0.9;q=0.9
Referer
https://dogfood.zipcar.com/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

pragma
no-cache
date
Sun, 26 May 2024 14:27:05 GMT
via
1.1 google
x-content-type-options
nosniff
server
nginx
content-type
image/gif
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
x-envoy-upstream-service-time
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 01 Jan 1970 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| ZIPCAR_LOGIN_CONFIG string| _user_id object| _sift function| onSubmit object| interdeal function| _ number| 2f1acc6c3a606b082e5eef5e54414ffb object| __core-js_shared__ function| onRecaptchaLoadCallback object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| recaptcha object| closure_lm_234351 function| __siftFlashCB undefined| Sift object| PluginDetect

11 Cookies

Domain/Path Name / Value
www.google.com/recaptcha Name: _GRECAPTCHA
Value: 09AOBYsJU8BRjYP07MzdYu_LFDRs91dMnT8C2v3ZOei5kWf5V4PjGxFoFpBKEhrslLV8Oi2sS9VlBthPtwUKbgw98
zipcar-risk-sandbox.zendesk.com/ Name: _zendesk_shared_session
Value: -R0NFOEhvaSsxMWxTbGxMMDRlYkVFRDhGYTVtTS82WDFiVHhoUzVSZUVzdmhlQVdZTXgvN0c1ajAvbWNpcTkwV1VXa0pVMGxmM3VwMEE0dE1JK0xhZzBBaW1kL2tZck5kN0loRllWVzRtaW1aNktNVzYzMHhiZ2xTZmFaaEJWNHgya1p0Rmd1Vkc4cVRPWmFVbFovM2lRPT0tLXhQemNNbmJJbHdPN2tnUFdLa2IxaHc9PQ%3D%3D--ad43d1a68c5994708bb2f665d51257af902937af
.zipcar-risk-sandbox.zendesk.com/ Name: __cfruid
Value: ae8c88ddcfc55285e2a280c92bd2ef52dfc80bee-1716733620
zipcar-risk-sandbox.zendesk.com/ Name: _zendesk_session
Value: fBxJMFNZiaDqwqoyS53yPFxAOEm1KNSXTbNoJaqY9fYIRo4ESJ9xf2fjhN2uCivMoOufZYwQ2a9mCe8L7xSaIFQ4jZKrzOR7jYmtlvM2gTlu%2BILoEMkokjo8Rdf313d%2Bk0zRjiiS9KhJ63sM6%2FTrtBeHMp0D1X6JNjANhMX0m9dziWUBNVvcIwN%2BTzMuXbYaJ%2Fb7Wna50vnHnwhf36KRMXRUNlLvGanKtDXGrp%2BSs79vpM9hR3YbSZrXdae1Ko41dV5uJyJzkfo%2BwJQr3lKAjXxg1cNiL1Zw1gtCp%2FsjMLHy7EYw1KxGDHC3cXa0MVe3OwEcHgPVM9%2Fh8pOzn5joz4Chxq8QVtO3XTK6TxXFzEdovexGVPg0KA%3D%3D--Ne0r3J0fkbBCI4R9--JZMw7XVUMypzgduwazSwbA%3D%3D
.dogfood.zipcar.com/ Name: z-mdc
Value: 92_1716733621482
.zipcar.com/ Name: dogfood-z-mdc
Value: 92_1716733621482
dogfood.zipcar.com/ Name: csrfToken
Value: 3d7b82eee7904a0c9c8cb6dc350f2da7
dogfood.zipcar.com/ Name: sift_session_id
Value: 183d395b-f802-49d2-838d-daee21290df7
.zipcar.com/ Name: __ssid
Value: b427140b1c69c1636f320f456c31b66
.dogfood.zipcar.com/ Name: z-session-id
Value: CF8B86B12DF41B85CAF458B4A83C1F506BB486C9CC09C3C583292A4864474330
.zipcar.com/ Name: dogfood-z-session-id
Value: CF8B86B12DF41B85CAF458B4A83C1F506BB486C9CC09C3C583292A4864474330

4 Console Messages

Source Level URL
Text
recommendation verbose URL: https://dogfood.zipcar.com/login?return_to=https://zipcar-risk-sandbox.zendesk.com&realm=zendesk&error=not_authenticated&reauth=false
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
other warning URL: https://dogfood.zipcar.com/login?return_to=https://zipcar-risk-sandbox.zendesk.com&realm=zendesk&error=not_authenticated&reauth=false
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://dogfood.zipcar.com/login?return_to=https://zipcar-risk-sandbox.zendesk.com&realm=zendesk&error=not_authenticated&reauth=false
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://dogfood.zipcar.com/login?return_to=https://zipcar-risk-sandbox.zendesk.com&realm=zendesk&error=not_authenticated&reauth=false
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aacdn.nagich.com
dogfood.zipcar.com
fonts.googleapis.com
fonts.gstatic.com
hexagon-analytics.com
www.google.com
www.gstatic.com
zipcar-risk-sandbox.zendesk.com
104.16.53.111
142.250.204.3
142.250.66.196
142.251.221.67
142.251.221.74
172.67.68.188
34.102.232.42
34.228.121.116
02240ce2e54b0102931e28acf07dfa9b5bae00a8fb70e289d02afa4288979ff2
065d9cc84b5e9e522cb774288b6403cf28562dcf80c13ae1e9549f1dc9cf6e7c
0d6f4e9c70c6f0a564e75005d7c5b0943251e7aa4d80eda2b4b8fe858fe97bc3
17cd865a9e7fd7a182e73e5a0c56d45e75f1fe7727fa64481d50fe8d5ca1fe8a
19721b937dfc6f640df10f080f84c99fb12ae7222596010ce0608ba578860764
35f7dce38302f305f8500b3961bcb5000d14e5b4f1e95c1f6aee84b82004195c
371942b516e4d55e39e8a1f9ea0f077d098118d8c676b59a1f72800901bfeafd
529164e8ed891984bac0a44d6e95439e39254fb951ada60a36802ceeddf461aa
6626d955670bb766fa4d7b59966addecf6b488506e21f73f343dc88b9872a2f7
68484d2ec1aaeafe8f8cd79a6b7a91be5176e46271bb7edcd19454d45dddbe5f
6b074fbf6834f2d4b30c89feeebfae88f9723b6e3d722f8b88ce4bdbe61b933a
764e92fd1ca66b57b890d220bc8e52ae54d923279fb712c96a79cb07fb5442bc
79bae3e30887c345e94531359b19815fceb30ba957aebd12636015a7ded9b86a
7a7ce1a34f3e9944fe88fc61abbc93b6db383afa2b90815fd7ccea456fbce4e5
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a80e7dcf8eb7e63b040293d60edf470e5090e769b6f8c2a47bdf1f14951ffc05
b0e3acc54460721385d2e472dda7288382f2766a06b38d2e732d034619f9b929
b2f930658634b1bee750fdc6c453faacd9e79849856324dcc211b0627f4a059a
d4ae5188a65370ecfe28f42293bbee8297cfd5712c6aadfdb270d48f2bcd88b0
e2172be828b0fd1ba4c0f653b83993eb11881e49e3be4f0fff04e482c04a0b42
e37af831403624f009ef9f12d71adf8f08459b7b7e9634504ccfe763583be578